Firewalls: RE: Dirty Dogs

Firewalls
(July 1996)

Indexed By Thread: [Previous] [Next]

Subject:	RE: Dirty Dogs
From:	"Emmanuel Turner" <et @ shadowfax . whanganui . ac . nz>
Date:	Sun, 14 Jul 1996 18:36:24 +1200
To:	firewalls @ GreatCircle . COM
Comments:	Authenticated sender is <et @ shadowfax . whanganui . ac . nz>
Reply-to:	et @ shadowfax . whanganui . ac . nz

I've just checked my httpd accesslogs and found that my Polytech's 
server has been subjected to the cgi-bin/phf hack too.  As far as I 
can tell, no damage was done, though the hackers tried to :
- Kill processes on the server
- Reboot the server
- Create user accounts
- View the passwd file
- delete files

The attacks have come from various places and I've emailed the site 
admins, it will be interesting to see what kind of response I get.  
Lets just hope that the response is better than the one AOL gives :-)

---------------
Emmanuel Turner
IT Dept
Wanganui Polytech

NB : All opinions expressed, spelling and grammatical errors are mine and not my employers.

Follow-Ups:

phf hole (WAS: RE: Dirty Dogs )
From: Jan Koum <jkoum @ leland . Stanford . EDU>

Indexed By Date	Previous:	Re: IP Masquerading and vulnerabilities From: Mike Shaver <shaver @ neon . ingenia . ca>
Indexed By Date	Next:	phf hole (WAS: RE: Dirty Dogs ) From: Jan Koum <jkoum @ leland . Stanford . EDU>
Indexed By Thread	Previous:	RE: Dirty Dogs From: Shane T Kinsch <shane . kinsch @ brite . com>
Indexed By Thread	Next:	phf hole (WAS: RE: Dirty Dogs ) From: Jan Koum <jkoum @ leland . Stanford . EDU>